…I can see slip
ups happening like a weird news link or maybe some fake news from a content
farm (that’s a problem, too), but social networking might need to do some
better quality checks. I can’t think of
anything worse than telling everyone I know I’m dead.

…according to
newly unsealed documents recently obtained by the American Civil Liberties
Union, the FBI not only temporarily took over one Tor-hidden child pornography
website in order to investigate it, the organization was in fact authorized to
run a
total of 23 other such websites.

In the normal course of the
operation of a web site, a user sends "request data" to the web site
in order to access that site. While Websites 1-23 operate at a government facility,
such request data associated with a user's actions on Websites 1-23 will be
collected. That data collection is not a
function of the NIT. Such request data can be paired with data collected by the
NIT, however, in order to attempt to identify a particular user and to
determine that particular user's actions on Websites 1-23.

…Security
researcher Sarah Jamie Lewis told
Ars that “it’s a pretty reasonable assumption” that at one point the FBI was running roughly half of the known child porn
sites hosted on Tor-hidden servers.

Starting sometime
this month, AT&T will offer an internet-only subscription TV package,
with upwards of 100 channels for $35 per month. If the channel selection and pricing are as
good as the company promises, it will be a hit.

But AT&T was banking on one other thing to really sell
DirecTV Now: integration with AT&T’s cell network, which would let you
stream TV channels on your smartphone without using up your data plan. It’s the kind of deal that only AT&T could
pull off, as the owner of a national cell and cable network. But according to a letter from the Federal
Communications Commission, doing so could be illegal.

In the letter, the FCC says it “believes that the terms and
conditions under which Sponsored Data is offered to content providers
unaffiliated with AT&T, combined with AT&T’s current practice of zero-rating
DIRECTV video applications for AT&T Mobility subscribers, may obstruct
competition and harm consumers by constraining their ability to access existing
and future mobile video services not affiliated with AT&T.”

Reinforcing prejudice with legislation? Only in California do they attack a symptom
rather than the cause.

Many actors think there ought to be a law against posting
their ages online, and California has obliged critics of ageism in Hollywood
with legislation targeting a leading online source for information on movie and
television figures.

The law, passed earlier this year, has been challenged in
a lawsuit by the company IMDb, which is owned by
Amazon and operates a repository of information on the film and
television industry.

…The lawsuit said
the law, known as AB 1687, was unfair because it was carefully tailored to
apply only to the Delaware-based IMDb.com Inc, and not other sources of
information such as media websites.

Doors close fast when a big giant like Pinterest gobbles
up a smaller Instapaper.
But sometimes a ray of light shines
through which promises more. The
bookmark-and-read-it-later service was bought out by Pinterest in August. Instead of shuttering it, Pinterest has
decided to open it up for everyone.

As someone with a second-degree black belt in Okinawan
Goju Ryu Karate, I’ve made martial-art training a big part of my life for the
past 20 years. I’m equally committed to
learning how to do things online. But
I’ve always wondered: Is studying karate online a viable option for those who
can’t get to a real school?

Less than six hours after Donald Trump became the
presumptive president-elect of the United States, a Russian hacker gang perhaps
best known for breaking into computer networks at the Democratic National
Committee launched a volley of targeted phishing campaigns
against American political think-tanks and non-government organizations (NGOs).

…“Two of the
attacks purported to be messages forwarded on from the Clinton Foundation
giving insight and perhaps a postmortem analysis into the elections,” Adair
wrote. “Two of the other attacks
purported to be eFax links or documents pertaining to the election’s outcome
being revised or rigged. The last attack
claimed to be a link to a PDF download on “Why American Elections Are
Flawed.”

Was the insurance company on the hook for other costs if
they didn’t pay the ransom?

Lisa Cannon, director of the county’s IT department, said the county will
make sure the system is secure before new data is placed in the system. “We’re in the process of adding a backup system,” she said.

…Lyons said her
employees were taking either vacation or personal time off.

“Without
the computer system there could be no work done,” Lyons said. “We have to access all our information on the
computers.”

A lot of questions are emerging about Facebook’s role in
this year’s election cycle, especially given the proliferation of sensationalistic
and even outright fake news stories, and CEO Mark Zuckerberg has responded.

“I think the idea that fake news on Facebook—of which it’s
a very small amount of the content—influenced the election in any way is a
pretty crazy idea,” he said on Thursday at the Techonomy conference in Half
Moon Bay, Calif.

At a little past 9:30 p.m. Tuesday, the head of a little-known
data analytics team working for Donald Trump in San Antonio sent a flurry of
messages to the campaign’s New York war room: Florida had tipped and the models
were predicting a more than 50% chance he would win the presidency.

Until then, the number-crunching and analytics for Mr.
Trump felt more like a “data experiment,” said Matthew Oczkowski, head of
product at Cambridge Analytica, who led the team for nearly six months.

…It is too early
to assess the full impact Cambridge Analytica had on the Trump campaign. While its advice aided the campaign in
targeting ads, some of its polling predictions, like those from most survey
firms, were off.

On Monday, Cambridge Analytica gave Mr. Trump less than a
30% chance of winning. “So many states
were close to the margin of error that it could swing either way,” Mr.
Oczkowski explained.

But the unexpected win is likely to bring new attention to
the company’s psychological approach, in
which it used reams of information about voters harvested from databases, the
internet and field operatives.

The agency for a year had been working through a
solicitation to bring on additional private companies to beef up the PreCheck
application network as it works toward the Department of Homeland Security's
goal of enrolling 25 million people in trusted-traveler programs (PreCheck and
Global Entry) by 2019. At present,
PreCheck enrollment is close to 4 million, TSA says.

In late October, however, the TSA withdrew the
solicitation, citing "the increased and evolving cybersecurity risks over
the past year."

…Increasing
enrollment in PreCheck is a goal of both the TSA and travel industry advocates,
who cite the efficiency and safety
enhancements [Like what? Bob]
that trusted-traveler programs bring to airport security checkpoints. PreCheck members move more quickly through
screening lines than other travelers because they don't have to remove shoes,
jackets or belts, or take laptops out of carry-on bags.

Russia has for the first time invoked its ban on websites
storing personal data outside the country. It’s picked a high-profile target, LinkedIn –
and says even bigger companies could be next on the list.

According to local media, a court has upheld a complaint
by regulator Roskomnadzor, which says that LinkedIn has failed to satisfy its
concerns. Indeed, according to local
news agency TASS, the company hasn’t even been in touch since the ruling was
announced yesterday.

…Since the law
came into effect in September last year, Russia has audited more than 1,500
companies to make sure they comply, gaining agreement from Google, eBay,
Booking.com and other Western firms.

More on outsourcing. (Interesting that California is the starting point.)

There are reservations within the University of California
system about a plan to move IT work offshore and lay off employees.

After Computerworld wrote
in September about the
layoff plan at the university's San Francisco campus, Larry Conrad, the
associate vice chancellor for IT and CIO at the Berkeley campus, wrote a memo
to IT staff about it.

He noted that some on his IT staff had seen the story and
he wanted to respond.

"The UCSF effort is indeed an ambitious
undertaking," wrote Conrad in a memo obtained by Computerworld. "Candidly, I am not aware of any major
university in the country which has successfully implemented such a substantive
IT outsourcing initiative."

The San
Francisco campus, which includes a medical center, has hired India-based HCL
under a five-year contract valued at $50 million. As part of the move, the university is laying off
49 permanent IT employees and cutting about 30 contractors. Some of the IT workers say they expect to be
training H-1B-visa-holding foreign replacements.

Publicly traded online payment company PayPal today is
announcing that its app for devices running iOS 10 now lets users tell the
built-in Siri virtual assistant to send or ask other people for money through
PayPal.

Tesco Bank has released more
details regarding the cyber attack that took control of its online accounts and
led the bank to freeze all of its users’ online transactions.

Over the weekend the bank was hit by an attack that it
initially thought affected 20,000 customers. However, Tesco Bank has now revealed that only
9,000 accounts were compromised by the security breach. Though the amount of customers affected is
lower than first reported, some of those whose accounts were accessed during
the attack lost as much as £2,000.

On Tuesday, Tesco Bank announced
that it had refunded £2.5 million to all of those affected by the breach and
guaranteed that no personal data was obtained during the attack.

Should I change all of my online banking and personal
details that you hold?

Tesco Bank has not been subject to a security compromise and
it is not necessary for customers to change their login or password details. To stay safe online we do recommend that
customers regularly change their passwords.

…Tesco did not
use the "H" word in its statement and in interviews its chief
executive and other people speaking on behalf of the company have been careful
in their choice of language.

It has said
that the attack was "sophisticated" and that
an initial investigation had revealed exactly what had happened.

So far, it has not shared that information but Tesco's
actions in the wake of the weekend's events do help to narrow down the possibilities.

By letting customers withdraw cash from ATMs, use cards in
shops and pay bills, it suggests that whatever went wrong does not involve the
core computer systems underpinning Tesco bank. These systems used to be run by RBS but since
2008 Tesco has operated independently.

Security expert James Maude, from software company Avecto,
said Tesco's decision to suspend online
transactions combined with the information that so many people were hit at once
clearly suggests problems with its website.

All too often, he said, maintenance or website updates can
introduce errors and bugs that were not present before. Cyber-thieves are constantly scanning valuable
websites to spot changes and will swoop if one emerges.

It might also be the case that a third party connected to
Tesco had a security issue and attackers got in via that route, which has
happened in some of the biggest attacks in recent memory.

More than 2,100 Colorado veterans
may have had their personal information compromised, the VA Eastern Colorado
Health Care System (ECHCS) said Wednesday.

At risk are the veterans’ names,
the last four digits of their Social Security number and their diagnoses. According to the ECHCS, the information may
have been compromised when a VA employee emailed unencrypted documents to their
personal email account.

Yahoo Inc. is
evaluating whether an unidentified hacker has access to its user account data,
following a 2014 hack that resulted in the theft of more than 500
million user account records.

In a regulatory filing Wednesday, Yahoo said
law-enforcement authorities on Monday “began sharing certain data that they
indicated was provided by a hacker who claimed the information was Yahoo user
account data.” Yahoo said it would
“analyze and investigate the hacker’s claim.”

…The data could
shed some light on what may be the largest theft of consumer data ever. Yahoo has said previously that it believes its
networks were compromised in late 2014
by “state-sponsored” hackers who stole names, email addresses, telephone
numbers and dates of birth of more than 500 million users. But information-security firm InfoArmor Inc.
later said the data had been stolen by criminals, rather than a state-sponsored
group.

…The company is
facing 23 class-action lawsuits following the hack, the filing said.

Next week I lecture on outsourcing to my IT Governance
class, but I may post this for my Software Architecture students as well.

Machine intelligence is here, and we're already using it
to make subjective decisions. But the
complex way AI grows and improves makes it hard to understand and even harder
to control. In this cautionary talk,
techno-sociologist Zeynep Tufekci explains how intelligent machines can fail in
ways that don't fit human error patterns — and in ways we won't expect or be
prepared for.

Try. Long before
age 13, some kids will be able to bypass any restrictions – and I think that’s
fine!

The Department of
Justice has launched a consultation on the statutory “age of
digital consent” to be applied in Ireland as part of the EU
General Data Protection Regulation (GDPR).

Article 8 of the GDPR provides
that, in the case of information society services offered directly to a child,
parental consent is required where personal information of a child under 16 is
collected and shared with other service providers. Service providers are required to make
reasonable efforts to verify that parental consent is given in each case.

However, member states are
allowed to adopt a lower age threshold, which cannot be lower than 13.

In July 2016, the mega-hit “Gangnam Style” by South
Korean singer PSY surpassed 2.6 billion views on YouTube. Big Bang, a Korean pop (K-Pop) boy band,
earned $44 million in 2015, making it among the highest paid in the industry. Is K-Pop just a passing fad — a matter of a
few songs going viral? The answer is no.
The global
success of K-Pop did not happen by accident, nor is it simply an
interesting cultural phenomenon.

Wednesday, November 09, 2016

A Glitch Caused Donald Trump's Site to Say Whatever The Internet
Wanted It to Say

Until recently, Republican presidential candidate Donald
Trump’s official campaign
website featured an amusing glitch that allowed Internet users to modify
its headline text however they so pleased.

The campaign website’s home page auto-generated a default
message that encouraged visitors to vote for the Trump ticket. But by editing the text in the page’s
URL—replacing words between its “%20” notation dividers, typical URL encoding
that denotes spacing—anyone could replace those words with their own message.
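
The glitch described above, as an added example (not code from the campaign site or the article): it assumes the headline travelled as the last URL path segment, and every name, path and message in it is constructed. The "before" renderer shows that HTML escaping alone still lets the URL choose the words; the "after" renderer lets the URL pick only an approved headline by key, and the last function flags logged requests that carry free text.

```javascript
// Constructed values: the real site's headline text and URL layout are not given in the article.
const BASE = 'https://campaign.example';
const DEFAULT_HEADLINE = 'Get out and vote';
const APPROVED = new Map([
  ['vote', 'Get out and vote'],
  ['volunteer', 'Volunteer in your state'],
]);

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Last path segment, percent-decoded; empty string if the URL or its encoding is malformed.
function lastSegment(requestUrl) {
  try {
    const parts = new URL(requestUrl, BASE).pathname.split('/').filter(Boolean);
    return decodeURIComponent(parts.pop() || '');
  } catch (err) {
    return '';
  }
}

// Before: the headline is whatever text the URL carries. Escaping blocks markup,
// but the visitor still controls the message shown under the site's name.
function renderHeadlineBefore(requestUrl) {
  const text = lastSegment(requestUrl) || DEFAULT_HEADLINE;
  return `<h1>${escapeHtml(text)}</h1>`;
}

// After: the URL may only select one of the approved headlines by key;
// anything else falls back to the default.
function renderHeadlineAfter(requestUrl) {
  const text = APPROVED.get(lastSegment(requestUrl)) || DEFAULT_HEADLINE;
  return `<h1>${escapeHtml(text)}</h1>`;
}

// Log review: return the requests whose headline segment is not an approved key.
function unapprovedRequests(requestUrls) {
  return requestUrls.filter((u) => !APPROVED.has(lastSegment(u)));
}

// Constructed access-log sample.
const SAMPLE_REQUESTS = [
  '/press/vote',
  '/press/Anything%20a%20visitor%20typed',
  '/press/volunteer',
  '/press/%E0%A4%A', // malformed percent-encoding
];

console.log(renderHeadlineBefore(SAMPLE_REQUESTS[1]));
console.log(renderHeadlineAfter(SAMPLE_REQUESTS[1]));
console.log(unapprovedRequests(SAMPLE_REQUESTS));
```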

Hackers tried to take down pro-Clinton phone banks the day
before the election, but inadvertently hit Republican calls too

Hackers tried to knock out political call centers on
Monday in an effort to "harm Clinton's chances of winning," but they
may have done equal damage to Republican phone lines, according to the company
that was targeted.

…Hustle, a
venture-backed startup that was founded in 2014, caught on early with Bernie
Sanders’s grass roots organizers.

…Starting in
mid-2015 Sanders field personnel started using the app, which allows users to
aim texts at a long list of recipients, sending each one individually in
rapid-fire, then giving the user a platform to manage their text conversations
with voters. This approach allows the campaigns to get around regulations
that prevent robo-dialing mobile phone numbers.

If you bought a car in the last
few years, there’s a good chance your personal information may have found its
way to the open internet.

Names, addresses, phone numbers
and social security numbers for both customers and employees for over a hundred
car dealerships have leaked online, all thanks to a centralized records system
coupled with shoddy security.

The system, built and operated by
DealerBuilt, an Iowa-based database software company, sells
management systems for car dealerships across the US, offering a central system
for sales, customer relations, and employee payroll needs.

Last week, MacKeeper security researchers found 128 dealership systems,
known as LightYear machines, were backing up to DealerBuilt’s central systems
without any encryption or security, allowing anyone to see what was being
backed up.

At least 1,000 schools across the
UK are using forms of ‘surveillance’ technology to monitor the activity of
pupils, a new report has claimed.

Privacy advocates Big Brother
Watch has published
research claiming 72 per cent of secondary schools use ‘Classroom
Management Software’ to keep an eye on pupils. The system, which can check use of computers,
including internet history, is installed on 819,970 school-owned devices and
1,416 private devices, the group says.

…Where the new
Assistant is concerned, Google is soon to offer up keys to the city, so to
speak, starting next month with the launch of developer tools to make it even
easier for people to add their own functionality to the wider platform.

Starting in December, Google will open up the Assistant in
three distinct ways, one of which will be allowing users to embed the Assistant
itself inside of third-party hardware, a la Amazon’s Alexa. Direct Actions will
allow services and products to offer simple, recognizable commands for the
Assistant to connect other devices and services together and finally,
Conversation Actions, will allow developers to add in more sophisticated features,
like offering access to a bank account, going back-and-forth with the user to
complete the task at hand.

With Kodi being a free, open source media center, it’s no
surprise there are plenty of options to customize your experience when using
it. These range from changing the
overall appearance of Kodi, to setting up profiles for different family
members.

In high school, I worked summers at a summer stock theater
that hosted music on Mondays. I got to
see both Louis Armstrong and Ella Fitzgerald (not together). Since I played trumpet (poorly) in those
days, Armstrong was already a hero. Ella
is still the best jazz voice I have ever heard. Follow this link and listen for yourself.

Two of America’s greatest musicians – listen and fall in
love with music that will stay with you a lifetime: A century-defining album’s improbable genesis
“…The first of three successful collaborations between Ella Fitzgerald and
Louis Armstrong, “Ella and Louis” is nearly perfect. It is one of those works of art — and they
don’t come along often — that seems to have always existed. It features two of the greatest artists the
century produced: Armstrong, the innovator and ambassador of jazz, and
Fitzgerald, its most gifted singer. The
album was produced by a man almost solely responsible for bringing jazz into
the realm of respectability and desegregating its audience, who founded the
label which released it, and assembled the all-star team of musicians who made
it so marvelous. “Ella and Louis” helped
rekindle interest in what would become known as The Great American Songbook. Though it is something only American culture
could produce, “Ella and Louis” was also something a large part of American
society worked hard to prevent…”

…A Facebook
spokesperson tells me, “Based on behavior we’ve seen on Facebook, where many
small businesses post about their job openings on their Page, we’re running a
test for Page admins to create job postings and receive applications from
candidates.”

The new features could compete with LinkedIn, as well as
developers like Work4, Workable and Jobscore that build “Jobs” tab applications
that businesses can embed in their Facebook Pages. Perhaps Facebook was prepping for these new
features when it tested Profile Tags last year that mimic LinkedIn’s endorsements
feature.

Facebook has agreed to stop using WhatsApp data to target
users with advertising in the U.K. and has been warned it could face legal action
if it resumes the practice.

The agreement is an initial victory for Information
Commissioner Elizabeth Denham, who launched an inquiry into the data sharing
earlier this year after expressing concern that user data was not being
properly protected.

"I don’t think users have
been given enough information about what Facebook plans to do with their
information, and I don’t think WhatsApp has got valid consent from users to
share the information," she
said in a statement on Monday.

…"Tesco Bank
can confirm that, over the weekend, some of its customers' current accounts
have been subject to online criminal activity, in some cases resulting in money
being withdrawn fraudulently," Tesco Bank CEO Benny Higgins said in a
statement.

Wholly-owned Tesco Bank, which has 136,000 current
accounts, has frozen all online banking transactions from current accounts and
said it would refund those which had money stolen. Customers will be allowed to use cards to
withdraw cash and to make payments, Higgins said.

Undue reliance on emails? How would you prevent this from happening at your organization?

The top business manager for the
East Baton Rouge Parish school system fell for an unsophisticated con, wiring
$46,500 to someone who claimed via email to be Superintendent Warren Drake, even though the man himself was working in an office
next door.

The school system on Thursday
disclosed the fraud known as “phishing,” which occurred twice in May. The details are outlined in a special audit,
received late Thursday from the auditing firm Postlethwaite & Netterville,
that examines what happened and suggests ways to prevent it from happening
again.

It sounds like such a simple question that should have an
obvious “yes” answer, but you might be surprised to see what happens when
hackers taunt social media teams about hacks. It’s an issue I’ve mentioned before:

NullCrew revealed that they had
access to Bell’s server for months, and had disclosed that to them in a chat
with Bell Support weeks ago. A screenshot
of the chat between NullCrew and Bell Support employee “Derek” shows that
NullCrew was informing Bell that they were in possession of users’ information
— DataBreaches.net,
February 2, 2014.

If your business has a Twitter
account, do those responsible for it know how to respond to tweets informing
them of a data security breach? — DataBreaches.net,
August 24, 2015.

Last night, it happened again: a well-intentioned social
media team on Twitter did not appear to understand that they were being told
they had been hacked. USAA’s Twitter
team’s responses left people variously laughing at them, mocking them, or
if they were a customer, worried for the security of their information.

Here was how the exchange began:

[Read the
whole sorry mess. Bob]

For my Smartphone using students. Hackers have a great grasp of the
obvious.

Via
The New York Times, hundreds of fake shopping apps have been hitting
the App Store in the last few weeks, stealing recognizable brand names and
logos, in an attempt to confuse App Store customers to download their
counterfeit apps instead of the real thing. The fraudsters are attempting to
capitalize on the holiday shopping season.

…App
Review fails to recognize most cases of trademark infringement (or it
simply doesn’t look for such issues at all) which allows fake apps like these
ones to appear in the App Store.

The fraudsters can then capitalize on their victims
by encouraging customers to buy the ‘real’ branded products with credit cards,
thereby stealing their financial information. (Apps that sell physical goods are allowed to
request users to provide payment details, bypassing the usual protections and safeguards of Apple’s
sanctioned In-App Purchase system.)

Surprise! The Internet of Things is a security
nightmare. Anyone who was online a
few weeks ago can attest to that. The
massive internet blackout was caused by
connected devices, and new research from white-hat hackers expounds upon
those types of vulnerabilities. The
target? Philips Hue smart lightbulbs. While they've been hacked
in the past, Philips was quick to point out that it happening in a
real-world situation would be pretty difficult. Digital intruders would need to already be on
your home network with a computer of their own -- the company claimed that
directly attacking the lightbulbs wasn't exactly feasible. But this
new attack doesn't require that sort of access.

In fact, all it takes is tricking the bulbs into accepting
a nefarious firmware update. By
exploiting a weakness in the Touchlink aspect of the ZigBee Light Link system (again!),
the hackers were able to bypass the built-in safeguards against remote access. From there, they "extracted the global
AES-CCM key" that the manufacturer uses to encrypt and authenticate new
firmware, the researchers write
(PDF).

"The malicious firmware can disable additional downloads,
and thus any effect caused by the worm (blackout, constant flickering, etc.)
will be permanent." What's more,
the attack is a worm, and can jump from connected device to connected device
through the air. It could potentially
knock out an entire city with just one infected bulb at the root "within
minutes."

If you own a Samsung washing machine, then be afraid, be
very afraid. Samsung is being forced to
recall 2.8 million of its washing machines due to the possibility of them
shaking themselves apart. Or, to put it
another way, exploding. Sound familiar?

Let’s not bury the lede here. Samsung is recalling 2.8 million washing machines in the
United States. The voluntary recall,
made in cooperation with the Consumer Product Safety Commission (CPSC), affects
“certain top-load washers manufactured between March 2011 and current
production dates”.

…The Cyber
Security Law was passed by the Standing Committee of the National People’s
Congress, China’s top legislature, and will take effect in June, government
officials said Monday. Among other
things, it requires internet operators to cooperate with investigations
involving crime and national security, and imposes mandatory testing and certification of computer equipment. [No exploding
phones in China? Bob] Companies must also give government
investigators full access to their data if wrong-doing is suspected.

…The fear among
foreign companies is that requirements to store data locally and employ only
technology deemed “secure” means local firms gain yet another edge over foreign
rivals from Microsoft Corp. to Cisco Systems Inc.

I pass these on to all my students in the hope that they
get filthy rich and remember who gave them the idea…

These guys built a $273 million startup from discarded
computers and an almost secret source of seed money

Founded in 2010 by CEO Mohit Lad and CTO Ricardo
Oliveira from their grad school work at UCLA, ThousandEyes helps ensure that
when bits of the internet go down, companies can avoid being taken down
too — even if the problem is on the internet and out of their control.

…And it all began
with a bunch of computer servers that the founders scrounged out of big
corporate electronics recycling bins and from a second-hand computer store in
Sunnyvale known as Weird Stuff.

…"We could
go to Sand Hill road and spend months trying to raise money, or we could try to
build a product and really get it off the ground and get customers. We chose the latter route and in hindsight it
was one of the best decisions we made," Lad said.

"If
you have an idea which is high risk, that has a lot of R&D, the NSF tends
to like it," Lad told us.

Suspiciouser and suspiciouser. Note that “We haven’t changed our mind” is in
some papers being reported as “Clinton exonerated!” And I’ll wager that most of the emails had to
do with preparing to campaign for president.

James
Comey: FBI has 'not changed its conclusions' on Clinton's email server since
July decision

…A senior law
enforcement official told NBC News that the FBI's review of the thousands of
emails on the Anthony Weiner laptop concluded that nearly all were duplicates
of emails previously seen by FBI agents investigating the email server.

Jumping the gun on “the election was rigged?” There seems to be no hard evidence to support
the headline. But, did anyone not
working for Trump actually look?

According to multiple sources and witnesses, Broward
County Supervisor of Elections Brenda Snipes and employees are engaging in mass
voter fraud in multiple forms

…It has been
widely reported that black turnout in the state–and in other battleground
states such as North Carolina and Ohio–is way down from 2012 levels. In the past few days, the Clinton campaign and
their Democratic surrogates have been touting “a surge” in turnout among black
voters in Broward County, which is overseen by Snipes. [Are
ballots in Florida marked “Black Voter?” How else would they know? Bob]

…Sources confirm Snipes
was breaking the law and opened more than 153,000 ballots cast
by mail in private, claiming employees were tearing up and disposing of
those that were votes in support of Donald J. Trump. The law prohibits the opening of ballots
without the supervision of a canvassing board appointed to oversee and certify
elections precisely because of this possibility.

Visio may be the industry standard in the corporate world,
but it comes with a huge drawback: it’s expensive ($299 for the standard
version as of this writing). Can’t
afford that? Then you’ll be happy to
know that several open source alternatives exist for the low, low price of
FREE.

Perhaps you could have the Billy Bass sing it for
you? (See yesterday’s blog)

Have you ever wanted to arrive home to a personal welcome?
With a Raspberry Pi and a few simple
components, you can! In this simple
project we’ll use a reed switch to trigger a theme tune when a door is opened. We shall be using a Raspberry Pi as the
controller here, though you could use almost any other microcontroller for this project using the same
circuit.

Sunday, November 06, 2016

Something new? Whenever there is no clear indication of how the hack occurs, you must
consider that this is a test of something new. Did they hack into the bank directly or is it a hack into individual
users? Stay tuned!

In their coverage, BBC reports that “less than
10,000” of the bank’s customers are affected and that they had all been sent
alerts to notify them. So far, none of
the news outlets reporting on this have indicated how the fraud
occurred.

Is Russia this subtle? Possibly. Is the FBI’s explanation credible? If the Tweets were limited to the Hillary files as this article suggests,
no. "Never
attribute to malice that which can be adequately explained by stupidity, but don't rule out malice." "Heinlein's Razor"

An odd thing occurred on the FBI’s Record Vault Twitter account on October 31st,
drawing conspiracy theorists out of the woodwork. After months of being almost dormant, the
bot-powered account started firing out tweets related to various Clinton
scandals. Now, the FBI has launched an
internal review to determine how its procedures went wrong.

Specifically, the Twitter bot managed to choose this week
as the perfect time to remind people about a 15-year-old investigation into the
Clinton Foundation and to post the FBI’s file on Hillary Clinton. The first document is the most problematic. It relates to an investigation into the
Clinton Foundation and Marc Rich, who was controversially pardoned by President
Bill Clinton in his final days of office.

…The FBI says
that the timing of the tweets is purely coincidental. In response to request for comment, an agency
spokesman explained to Ars Technica that:

The problem was traced back to the software that handles
automated Twitter posts within the FBI Vault site’s content management system. The documents linked in the Twitter posts that
were already queued for posting dated back several months. When the software was updated, the backlog was suddenly,
automatically, cleared in a spew of tweets.

…Amid a flurry of
ho-hum releases (including the Bureau's own ethics handbook) over the next two
days, two stood out: a nothing-burger on Fred Trump, the father of the
Republican presidential nominee; and heavily redacted documents from a
15-year-old closed investigation into President Bill Clinton’s pardon of
financier Marc Rich, and the William J. Clinton Foundation.

Why is everything automatically connected to the
elections? Makes a more dramatic
story? Russia is probing
everywhere. Does anyone expect it to
stop after the elections?

Microsoft earlier this week said it had fallen victim to
"Strontium," its code name for the Russian hacking group also known
as "Fancy Bear," which has been linked to recent attacks on
Democratic Party systems.

The group launched a spear phishing attack that targeted
vulnerabilities in both the Windows operating system and Adobe Flash, according
to Terry Myerson, executive vice president of Microsoft's Windows and Devices
Group.

The attack, first identified by Google's Threat Analysis
Group, involved two zero-day vulnerabilities in Flash and the down level
Windows kernel, he explained. It used
the Flash exploit to gain control over browsers, elevate privileges to escape
the browser sandbox and install a backdoor to gain access to a user's computer.

Is this based on the political divide or has social media just
pointed out that your “friend” is a complete idiot?

Engineers at the California regulator CARB found another,
previously unreported defeat device, German tabloid Bild am Sonntag [paywall] reports. The paper also found a document that is bound
to affect the career of Volkswagen Group powertrain chief Axel Eiser. For
Volkswagen, the find comes at an inopportune moment. The company wants to cut a deal with the U.S.
Department of Justice, and it recently reported progress in the negotiations. The new affair “clouds the prospects” for a
deal, the paper says. The scandal also
puts Audi in the cross-hairs of European tax collectors, who usually are less
understanding than the EU’s paper tiger automotive regulators.

Christmas shopping will begin sooner than anyone wants it
to and there is no better gift to get your DIY dad than a Big Mouth Billy Bass
hooked up to Amazon’s personal assistant, Alexa—especially if you hate your
father.

Brian Kane
is a developer and artist who specializes in humorous projects. For his latest work, he’s modded up the
venerable novelty item and instead of hearing Alexa’s calming voice coming from
an innocuous glowing hockey puck, you get to look at a reanimated piece of
plastic taxidermy mouth the weather report.

Kane hasn’t given a tutorial on how he approached the
Bass/Assistant horror hybrid but Amazon does have an API available that allows users to embed the
tech in third party devices.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.